A simple guide to fix the “invalid or corrupted package” error in Arch Linux.
I have a few Arch Linux systems in both physical and VM setups, which I access when needed. After almost two months, when I tried to upgrade Arch Linux on one of them using sudo pacman -Syu, I got hundreds of errors like this:
The problem is that when you get the above error, you cannot upgrade or update your Arch system, even if you sync the mirrors or switch to a faster one. So, if you run sudo pacman -Syyu, the error will still be there. This is also problematic because you can’t install any additional packages until it is fixed.
Cause
When you install or upgrade packages on an Arch Linux system, pacman checks the digital signatures of the packages against the keys in the archlinux-keyring package. This verification process ensures that the packages you download and install are unmodified and come from trusted sources.
The archlinux-keyring package contains the public keyring that pacman uses to verify the authenticity and integrity of packages. It is regularly updated by the Arch Linux developers to include new trusted keys and revoke any compromised keys.
If you have not updated your Arch Linux system for a long period, the keyring on your system may be out of date, so the keys used to sign current packages may not match the keys you have locally, and signature verification fails.
Hence the error.
Fix
To fix the “invalid or corrupted package (PGP signature)” error in Arch Linux, you need to install/update the archlinux-keyring package from the Core repo. Run the following from the terminal:
sudo pacman -S archlinux-keyring
After the above command is complete, run the upgrade:
sudo pacman -Syu
This will resolve the problem, and you can continue your normal activity in Arch Linux. It’s recommended to always keep the archlinux-keyring package up to date to maintain the security and integrity of your Arch Linux system.
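The fix above can be wrapped so that the keyring is only updated when the upgrade actually fails on signature verification. The script below is an added example, not part of the original article: the function names and the sample output (with made-up package names) are constructed, and matching assumes pacman prints English messages.

```shell
#!/bin/sh
# Added example, not from the original article.
# Matching relies only on the error text the article quotes.
PGP_ERR='invalid or corrupted package (PGP signature)'

# Read pacman output on stdin; print how many lines carry the signature error.
count_pgp_errors() {
    grep -cF -- "$PGP_ERR" || true
}

# Constructed sample output (package names are made up) for trying the matcher offline.
sample_stale_keyring_output() {
    cat <<'EOF'
:: File /var/cache/pacman/pkg/example-a-1.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
:: File /var/cache/pacman/pkg/example-b-2.3-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
EOF
}

# Run the upgrade; only if it fails with signature errors, apply the
# article's fix (update archlinux-keyring) and retry the upgrade once.
upgrade_with_keyring_fix() {
    tmp=$(mktemp -d) || return 1
    { rc=0; sudo pacman -Syu 2>&1 || rc=$?; echo "$rc" > "$tmp/status"; } | tee "$tmp/log"
    status=$(cat "$tmp/status")
    n=$(count_pgp_errors < "$tmp/log")
    rm -rf "$tmp"
    [ "$status" -eq 0 ] && return 0
    if [ "$n" -eq 0 ]; then
        # A different failure (mirror, disk space, conflicts): changing keys would not help.
        echo "upgrade failed, but not on PGP signatures; keyring left alone" >&2
        return "$status"
    fi
    echo "$n signature error line(s); updating archlinux-keyring and retrying" >&2
    sudo pacman -S archlinux-keyring && sudo pacman -Syu
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    upgrade_with_keyring_fix
fi
```

Run it with --run on the affected machine; without that argument it only defines the functions, so the matcher can be tried against saved output first.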